The European Commission's Directive on Data Protection, which came into effect in October 1998, prohibits the transfer of personal data from European Union member states (plus Iceland, Norway, and Liechtenstein) to non-European Union nations, including the United States, that do not meet the European "adequacy" standard for privacy protection. Given the EU’s and US’s different approaches to privacy, the Directive could have significantly hampered the ability of US businesses to engage in many trans-Atlantic transactions.
To bridge these different privacy approaches and provide a streamlined means for US organizations to comply with the Directive, the US Department of Commerce - in consultation with the European Commission - developed a "safe harbor" framework. The Safe Harbor - approved by the EU in July of 2000 – enables US businesses to avoid interruptions in their business dealings with the EU or prosecution by European authorities under European privacy laws. Certifying to the Safe Harbor will ensure that EU organizations know your business provides "adequate" privacy protection, as defined by the Directive.
The Safe Harbor arrangement requires US businesses to provide an independent dispute resolution option to EU individuals whose personal data they collect. We created the BBB EU Safe Harbor to help businesses meet this requirement and continue to conduct business in Europe. Visit the Department of Commerce "Safe Harbor" Web site for additional information.
Where do I start?